Revealed: The 25 worst online passwords

Matt Allan

Hacking and data breaches are, sadly, an everyday fact of life in the 21st century but some people really aren’t helping matters by using simple, easy-to-break passwords.

While a secure password can help protect everything from emails and personal photos to banking details, some people still aren’t getting the message, with millions opting for the same, simple options that are a gift to hackers.

SplashData has released its annual list of the 25 worst passwords and despite high-profile cases such as the Ashley Madison and T-Mobile hacks perennial favourites “123456” and “password” are still top of the list.

Using public dumps of hacked data from 2015, the security analysts found more than two million passwords and studied these to come up with the 25 most popular and, therefore, most easily cracked.

While various versions of the numbers sequence and the old “run-the-finger-along-the-keyboard” technique were also prevalent in the list, sport and pop culture also got a look-in.

“football” moved up three places to seventh on the list while “baseball” held on in the top 10 as well. The return of one of cinema’s biggest franchise prompted “starwars” to enter the top 25 and is probably also responsible for the appearance of “solo” and perhaps “princess” in the list as well.

Releasing the list SplashData said: “Since the most popular passwords are so common, these popular passwords would be among the very first tried by any hacker or malicious ‘cracking’ program. When you choose a password, you want something unique, complex, and unusual, and you want to make sure you use different passwords for different sites.

“Since exposure is constantly increasing - more sites being hacked, more passwords at risk - it’s almost inevitable that some of your logins somewhere will be exposed. You just want to make sure that exposure doesn’t have a cascading effect on your other logins, especially at more valuable sites and services (e.g. email and financial services).”

Here’s the list in full, if you recognise yours on it, it’s time to rethink your logins...